* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2024-11-04 19:15 UTC
To: gentoo-commits
commit: c603a83d4699861cefd1da38fb94c0025891553d
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 4 19:02:51 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Nov 4 19:14:39 2024 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=c603a83d
Fix behavior of utimensat(..., AT_EMPTY_PATH)
Bug: https://bugs.gentoo.org/935716
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 69000bb059a57560762b979e7957f96decb25f10)
libsandbox/libsandbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index e0928bb..18e9626 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -1064,7 +1064,7 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in
* the rest should get rejected as "file/directory does not exist".
*/
if (file == NULL || file[0] == '\0') {
- if (file == NULL && dirfd != AT_FDCWD &&
+ if ((file == NULL || (flags & AT_EMPTY_PATH)) &&
(sb_nr == SB_NR_UTIMENSAT || sb_nr == SB_NR_FUTIMESAT))
{
/* let it slide -- the func is magic and changes behavior
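Review bot: the new condition applies `flags & AT_EMPTY_PATH` to SB_NR_FUTIMESAT as well as SB_NR_UTIMENSAT, but futimesat(2) takes no flags argument, so for that syscall `flags` is not an AT_* mask and the test is either meaningless or, if the wrapper passes something else in that slot, wrong; limit the AT_EMPTY_PATH half to `sb_nr == SB_NR_UTIMENSAT` and keep only the `file == NULL` half for futimesat. Dropping the `dirfd != AT_FDCWD` guard also means a NULL path with AT_FDCWD now takes the "let it slide" branch; if that is intended it deserves a word in the comment.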
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2024-12-22 19:19 UTC
To: gentoo-commits
commit: eec2258014b6b01c450915171bacbefe29549a5e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 22 18:57:00 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Dec 22 19:12:55 2024 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=eec22580
Fix AT_EMPTY_PATH check
The flags argument has different meanings depending on the syscall.
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 18e5b33ea8237e725741fc4c67eb9d7b09e2f759)
libsandbox/libsandbox.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 2843536..ee0a07c 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -700,7 +700,11 @@ static bool symlink_func(int sb_nr, int flags)
return true;
/* These funcs sometimes operate on symlinks */
- if ((sb_nr == SB_NR_FCHOWNAT ||
+ if ((sb_nr == SB_NR_ACCESS_RD ||
+ sb_nr == SB_NR_ACCESS_WR ||
+ sb_nr == SB_NR_FACCESSAT ||
+ sb_nr == SB_NR_FACCESSAT2 ||
+ sb_nr == SB_NR_FCHOWNAT ||
sb_nr == SB_NR_FCHMODAT ||
sb_nr == SB_NR_UTIMENSAT) &&
(flags & AT_SYMLINK_NOFOLLOW))
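Review bot: for SB_NR_ACCESS_RD and SB_NR_ACCESS_WR the `flags` value is whatever before_syscall_access forwards, and that function (commit 143e5fd3 further down this page) tests the same argument against W_OK and R_OK, i.e. it is the access mode; unless the faccessat wrappers fold the AT_* flags into that same integer, `flags & AT_SYMLINK_NOFOLLOW` can never be set for these numbers and the added cases are dead. Please confirm which value reaches here for access(), faccessat() and faccessat2(), and document it next to the list.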
@@ -709,6 +713,19 @@ static bool symlink_func(int sb_nr, int flags)
return false;
}
+static bool check_at_empty_path(int sb_nr, int flags)
+{
+ if (sb_nr == SB_NR_ACCESS_RD ||
+ sb_nr == SB_NR_ACCESS_WR ||
+ sb_nr == SB_NR_FACCESSAT ||
+ sb_nr == SB_NR_FACCESSAT2 ||
+ sb_nr == SB_NR_FCHOWNAT ||
+ sb_nr == SB_NR_FCHMODAT ||
+ sb_nr == SB_NR_UTIMENSAT)
+ return (flags & AT_EMPTY_PATH) ? true : false;
+ return false;
+}
+
static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
int flags, const char *abs_path, const char *resolv_path)
{
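Review bot: the sb_nr list in check_at_empty_path is the same seven values as the AT_SYMLINK_NOFOLLOW list in symlink_func above; a single `static bool takes_at_flags(int sb_nr)` helper used by both would keep them from drifting apart, and a one-line comment should say that SB_NR_FUTIMESAT is deliberately absent. The function also has no comment, unlike its sibling, and `(flags & AT_EMPTY_PATH) ? true : false` can simply be `return flags & AT_EMPTY_PATH;`.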
@@ -1067,7 +1084,7 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in
return true; /* let the kernel reject this */
}
else if (file[0] == '\0') {
- if (!(flags & AT_EMPTY_PATH))
+ if (!check_at_empty_path(sb_nr, flags))
return true; /* let the kernel reject this */
}
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2024-12-22 19:19 UTC
To: gentoo-commits
commit: f5e8e2bf0d7a70618e3625a0fa92df007d0012fb
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 22 18:59:28 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Dec 22 19:12:56 2024 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f5e8e2bf
Restore exception for NULL path for utimensat
glibc rejects with EINVAL, but the kernel accepts it. We should do
access checks in case we are in ptrace mode.
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 6592e08cac452d580e0146f7de3c53a8cb51c933)
libsandbox/libsandbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index ee0a07c..c9b4e72 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -1080,7 +1080,7 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in
if (file == NULL) {
/* futimesat treats dirfd as the target when file is NULL */
- if (sb_nr != SB_NR_FUTIMESAT)
+ if (sb_nr != SB_NR_FUTIMESAT && sb_nr != SB_NR_UTIMENSAT)
return true; /* let the kernel reject this */
}
else if (file[0] == '\0') {
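Review bot: the comment on the line above still says only that futimesat treats dirfd as the target when file is NULL; now that SB_NR_UTIMENSAT is exempted for the reason in the commit message (glibc rejects a NULL path with EINVAL but the raw syscall accepts it, which matters in ptrace mode), extend the comment to name both syscalls and the ptrace rationale, otherwise the next reader will "fix" it back.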
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2024-12-22 3:49 UTC
To: gentoo-commits
commit: 6b34ab545c41e72024402a082eca52379c36035f
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 4 21:17:04 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Dec 22 03:43:25 2024 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=6b34ab54
resolve_dirfd_path: avoid appending a trailing / if path is empty
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit beb84c66b725b52d5152bb25521671b332520cc9)
libsandbox/libsandbox.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 18e9626..c4bfac8 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -159,8 +159,9 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
free(fd_path);
return -1;
}
- resolved_path[ret] = '/';
- resolved_path[ret + 1] = '\0';
+ if (path && path[0])
+ resolved_path[ret++] = '/';
+ resolved_path[ret] = '\0';
if (path)
strcat(resolved_path, path);
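Review bot: a NULL path and an empty path are the same case for this code, so test `path && path[0]` once and append both the '/' and the path inside that branch; the separate `if (path)` guard before strcat is then redundant (strcat with an empty string is a no-op anyway). With that, resolved_path equals the bare fd target when the path is empty, which is exactly what an AT_EMPTY_PATH caller means, so the following access check is made against the right object.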
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2024-01-27 18:05 UTC
To: gentoo-commits
commit: 83b7d3141d66f2b5a2613b677e4673a51a3e9654
Author: Sv. Lockal <lockalsash <AT> gmail <DOT> com>
AuthorDate: Sat Jan 27 10:44:55 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Jan 27 18:05:22 2024 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=83b7d314
Fix SIGSEGV in gtest death tests due to small stack
In https://github.com/google/googletest/blob/v1.14.0/googletest/src/gtest-death-test.cc#L1307
on x86-64 gtest allocates 8192 bytes for `clone`:
```
static pid_t ExecDeathTestSpawnChild(char* const* argv, int close_fd) {
const auto stack_size = static_cast<size_t>(getpagesize() * 2);
...
child_pid = clone(&ExecDeathTestChildMain, stack_top, SIGCHLD, &args);
```
After that, the attempt to call execv is intercepted by libsandbox.so, which
allocates 8192 + more bytes multiple times on the stack, causing SIGSEGV
(instead of the expected types of crashes).
This PR moves all allocations for the related functions to the heap, so now the
call path fits in `getpagesize() * 2` with a large margin.
Bug: https://bugs.gentoo.org/923013
Closes: https://github.com/gentoo/sandbox/pull/26
Signed-off-by: Sv. Lockal <lockalsash <AT> gmail.com>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 1f7d3654498e17e0a91c83f57e6265e08628d5fe)
libsandbox/libsandbox.c | 34 +++++++++++++++++++++++++++++-----
1 file changed, 29 insertions(+), 5 deletions(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 6a7368c..e0928bb 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -132,7 +132,8 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
save_errno();
- char fd_path[SB_PATH_MAX];
+ char *fd_path = xmalloc(SB_PATH_MAX * sizeof(char));
+
size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);
if (trace_pid) {
sprintf(fd_path, "/proc/%i/fd/%i", trace_pid, dirfd);
@@ -148,12 +149,14 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
/* see comments at end of check_syscall() */
if (errno_is_too_long()) {
restore_errno();
+ free(fd_path);
return 2;
}
sb_debug_dyn("AT_FD LOOKUP fail: %s: %s\n", fd_path, strerror(errno));
/* If the fd isn't found, some guys (glibc) expect errno */
if (errno == ENOENT)
errno = EBADF;
+ free(fd_path);
return -1;
}
resolved_path[ret] = '/';
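Review bot: with three exits (return 2, return -1 and the return 0 in the next hunk) each carrying its own `free(fd_path)`, any future early return will leak; a single `out:` label that frees fd_path and returns a `ret` variable is the usual shape for this and removes the duplicated calls in this hunk and the next.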
@@ -162,6 +165,7 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
strcat(resolved_path, path);
restore_errno();
+ free(fd_path);
return 0;
}
@@ -286,7 +290,7 @@ static char *resolve_path(const char *path, int follow_link)
}
if (!ret) {
- char tmp_str1[SB_PATH_MAX];
+ char *tmp_str1 = xmalloc(SB_PATH_MAX * sizeof(char));
snprintf(tmp_str1, SB_PATH_MAX, "%s", path);
dname = dirname(tmp_str1);
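Review bot: tmp_str1 is freed only at the end of the `if (!ret)` block (hunk @@ -316), so any early exit between here and there leaks it; the `filtered_path = NULL;` branch in the next hunk is cut off in this view, so please confirm it falls through rather than returning. `dname = dirname(tmp_str1)` may return a pointer into tmp_str1, so the free must stay after the last use of dname, as it does in hunk @@ -316.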
@@ -304,7 +308,7 @@ static char *resolve_path(const char *path, int follow_link)
filtered_path = NULL;
}
} else {
- char tmp_str2[SB_PATH_MAX];
+ char *tmp_str2 = xmalloc(SB_PATH_MAX * sizeof(char));
/* OK, now add the basename to keep our access
* checking happy (don't want '/usr/lib' if we
* tried to do something with non-existing
@@ -316,7 +320,10 @@ static char *resolve_path(const char *path, int follow_link)
snprintf(filtered_path + len, SB_PATH_MAX - len, "%s%s",
(filtered_path[len - 1] != '/') ? "/" : "",
bname);
+ free(tmp_str2);
}
+
+ free(tmp_str1);
}
}
@@ -1034,10 +1041,24 @@ bool is_sandbox_on(void)
return result;
}
+static int resolve_dirfd_path_alloc(int dirfd, const char *path, char **resolved_path)
+{
+ size_t resolved_path_size = SB_PATH_MAX * sizeof(char);
+ *resolved_path = xmalloc(resolved_path_size);
+ int result = resolve_dirfd_path(dirfd, path, *resolved_path, resolved_path_size);
+
+ if (result) {
+ free(*resolved_path);
+ *resolved_path = NULL;
+ }
+
+ return result;
+}
+
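Review bot: setting `*resolved_path = NULL` on failure is what keeps the caller's `case -1` and `case 2` returns leak-free and its later free safe; say so in a comment above the function, since nothing else documents that contract. `SB_PATH_MAX * sizeof(char)` is just SB_PATH_MAX.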
bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, int flags)
{
int result;
- char at_file_buf[SB_PATH_MAX];
+ char *at_file_buf;
/* Some funcs operate on a fd directly and so filename is NULL, but
* the rest should get rejected as "file/directory does not exist".
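Review bot: `char *at_file_buf;` is now uninitialised until the switch in hunk @@ -1056 assigns it; any path that reaches the free in hunk @@ -1079 without passing through that switch would free garbage. Initialise it to NULL at the declaration so the invariant does not depend on control flow.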
@@ -1056,7 +1077,7 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in
}
}
- switch (resolve_dirfd_path(dirfd, file, at_file_buf, sizeof(at_file_buf))) {
+ switch (resolve_dirfd_path_alloc(dirfd, file, &at_file_buf)) {
case -1: return false;
case 0: file = at_file_buf; break;
case 2: return true;
@@ -1079,6 +1100,9 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in
result = check_syscall(&sbcontext, sb_nr, func, file, flags);
+ if (at_file_buf)
+ free(at_file_buf);
+
sb_unlock();
if (0 == result) {
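Review bot: any return between the switch in hunk @@ -1056 and this free leaks at_file_buf; the hunks show only the two endpoints, so verify there is no early exit in between (a failed lock, for instance), or free at every return. `free(NULL)` is a no-op, so the `if (at_file_buf)` guard is unnecessary.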
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2024-01-22 21:41 UTC
To: gentoo-commits
commit: f7d02c04b2a8e395f478bda03306fb68fb44ba4c
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 8 19:59:35 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jan 22 21:41:13 2024 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f7d02c04
libsandbox: stat the original path for EEXIST hackaround
Resolves an issue that can occur with paths that contain parent
directory references (/../).
If part of the path does not exist, the sandboxed program should get ENOENT,
not EEXIST. If we use the canonicalized path, intermediate paths will be
eliminated and we produce the wrong result.
Bug: https://bugs.gentoo.org/921581
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit ef9208bea4e0f0dff5abf358002565f36e4d7a8d)
libsandbox/pre_check_mkdirat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsandbox/pre_check_mkdirat.c b/libsandbox/pre_check_mkdirat.c
index b1e86cf..49c382a 100644
--- a/libsandbox/pre_check_mkdirat.c
+++ b/libsandbox/pre_check_mkdirat.c
@@ -37,7 +37,7 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
* will trigger a sandbox violation.
*/
struct stat64 st;
- if (0 == lstat64(canonic, &st)) {
+ if (0 == lstat64(pathname, &st)) {
int new_errno;
sb_debug_dyn("EARLY FAIL: %s(%s[%s]) @ lstat: %s\n",
func, pathname, canonic, strerror(errno));
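Review bot: `lstat64(pathname, &st)` resolves a relative pathname against the current working directory, but this function takes a dirfd (see the @@ header), so for mkdirat with dirfd != AT_FDCWD and a relative path the wrong location is stat'ed; `fstatat64(dirfd, pathname, &st, AT_SYMLINK_NOFOLLOW)` keeps the original-path semantics the commit wants while honouring dirfd.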
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2023-08-06 0:40 UTC
To: gentoo-commits
commit: ae2cb037f024a2bd417c6a241d907390876ecc8a
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 5 19:39:21 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Aug 6 00:39:53 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=ae2cb037
resolve_dirfd_path: use separate buffer for readlink
Fixes a compile warning:
```
warning: passing argument 2 to 'restrict'-qualified parameter aliases with argument 1 [-Wrestrict]
```
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 4b27824ee27013c672f75bce2066c950a71280d2)
libsandbox/libsandbox.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 4edcf60..6a7368c 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -132,24 +132,25 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
save_errno();
+ char fd_path[SB_PATH_MAX];
size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);
if (trace_pid) {
- sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid, dirfd);
+ sprintf(fd_path, "/proc/%i/fd/%i", trace_pid, dirfd);
} else {
/* If /proc was mounted by a process in a different pid namespace,
* getpid cannot be used to create a valid /proc/<pid> path. Instead
* use sb_get_fd_dir() which works in any case.
*/
- sprintf(resolved_path, "%s/%i", sb_get_fd_dir(), dirfd);
+ sprintf(fd_path, "%s/%i", sb_get_fd_dir(), dirfd);
}
- ssize_t ret = readlink(resolved_path, resolved_path, at_len);
+ ssize_t ret = readlink(fd_path, resolved_path, at_len);
if (ret == -1) {
/* see comments at end of check_syscall() */
if (errno_is_too_long()) {
restore_errno();
return 2;
}
- sb_debug_dyn("AT_FD LOOKUP fail: %s: %s\n", resolved_path, strerror(errno));
+ sb_debug_dyn("AT_FD LOOKUP fail: %s: %s\n", fd_path, strerror(errno));
/* If the fd isn't found, some guys (glibc) expect errno */
if (errno == ENOENT)
errno = EBADF;
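Review bot: `sprintf(fd_path, "%s/%i", sb_get_fd_dir(), dirfd)` writes into the new fixed-size buffer with no bound on the string returned by sb_get_fd_dir(); since the buffer size is now visible here, use `snprintf(fd_path, sizeof fd_path, ...)` and treat truncation as a lookup failure so a long fd directory path can never overflow it. The trace_pid variant is bounded by the width of int, but switching both keeps the code uniform.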
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2023-08-06 0:40 UTC
To: gentoo-commits
commit: 0d063e31d575fb0a94b56219cafb0a198215b7aa
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 5 19:11:58 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Aug 6 00:39:52 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=0d063e31
erealpath: drop unused path_max variable
The SB_PATH_MAX macro is always defined, so this variable was pointless.
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 128d5b32b301a552299feff7cc64e5f8f7c4fee7)
libsandbox/canonicalize.c | 26 +++++++++-----------------
1 file changed, 9 insertions(+), 17 deletions(-)
diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c
index f742ed4..f282bdd 100644
--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -49,7 +49,6 @@ erealpath(const char *name, char *resolved)
{
char *rpath, *dest, *recover;
const char *start, *end, *rpath_limit;
- long int path_max;
if (name == NULL) {
/* As per Single Unix Specification V2 we must return an error if
@@ -66,16 +65,9 @@ erealpath(const char *name, char *resolved)
__set_errno(ENOENT);
return NULL;
}
-#ifdef SB_PATH_MAX
- path_max = SB_PATH_MAX;
-#else
- path_max = pathconf(name, _PC_PATH_MAX);
- if (path_max <= 0)
- path_max = 1024;
-#endif
if (resolved == NULL) {
- rpath = xmalloc(path_max);
+ rpath = xmalloc(SB_PATH_MAX);
} else {
/* We can't handle resolving a buffer inline, so demand
* separate read and write strings.
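Review bot: with the pathconf fallback gone, the non-NULL `resolved` branch silently assumes the caller's buffer is at least SB_PATH_MAX bytes, and there is no size parameter to check; state that contract in the function's header comment (and in the `else` branch comment here), because the `snprintf(resolved, SB_PATH_MAX, ...)` in the error path would otherwise overrun a smaller caller buffer.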
@@ -83,11 +75,11 @@ erealpath(const char *name, char *resolved)
sb_assert(name != resolved);
rpath = resolved;
}
- rpath_limit = rpath + path_max;
+ rpath_limit = rpath + SB_PATH_MAX;
recover = NULL;
if (name[0] != '/') {
- if (!egetcwd(rpath, path_max)) {
+ if (!egetcwd(rpath, SB_PATH_MAX)) {
rpath[0] = '\0';
goto error;
}
@@ -110,16 +102,16 @@ erealpath(const char *name, char *resolved)
if (lstat64(rpath, &st))
break;
if (S_ISLNK(st.st_mode)) {
- ssize_t cnt = readlink(rpath, rpath, path_max);
+ ssize_t cnt = readlink(rpath, rpath, SB_PATH_MAX);
if (cnt == -1)
break;
rpath[cnt] = '\0';
if (p) {
size_t bytes_left = strlen(p);
- if (bytes_left >= path_max)
+ if (bytes_left >= SB_PATH_MAX)
break;
strncat(rpath, name + (p - rpath + 1),
- path_max - bytes_left - 1);
+ SB_PATH_MAX - bytes_left - 1);
}
/* Ok, we have a chance at something better. If
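Review bot: `readlink(rpath, rpath, SB_PATH_MAX)` may fill the whole buffer, and the following `rpath[cnt] = '\0'` then writes one byte past it; pass `SB_PATH_MAX - 1`. The call also passes the same pointer as source and destination, which readlink's restrict-qualified prototype forbids, so the link should be read into a separate buffer. Both points are addressed by commits c2f63554 and e4f9687b elsewhere on this page; folding them into this change would be cleaner.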
@@ -187,10 +179,10 @@ erealpath(const char *name, char *resolved)
goto error;
}
new_size = rpath_limit - rpath;
- if (end - start + 1 > path_max)
+ if (end - start + 1 > SB_PATH_MAX)
new_size += end - start + 1;
else
- new_size += path_max;
+ new_size += SB_PATH_MAX;
new_rpath = (char *) xrealloc(rpath, new_size);
rpath = new_rpath;
rpath_limit = rpath + new_size;
@@ -213,7 +205,7 @@ erealpath(const char *name, char *resolved)
error:
if (resolved)
- snprintf(resolved, path_max, "%s", rpath);
+ snprintf(resolved, SB_PATH_MAX, "%s", rpath);
else
free(rpath);
free(recover);
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2023-08-06 0:40 UTC
To: gentoo-commits
commit: c2f63554e729401f8ef44dbf3eb67ecc12ece58c
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 5 19:14:09 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Aug 6 00:39:52 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=c2f63554
erealpath: leave space for a trailing '\0' in readlink's buffer
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 1c9a17d40de6dd3ea5b7aacaa76878357350881b)
libsandbox/canonicalize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c
index f282bdd..6c9a2d6 100644
--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -102,7 +102,7 @@ erealpath(const char *name, char *resolved)
if (lstat64(rpath, &st))
break;
if (S_ISLNK(st.st_mode)) {
- ssize_t cnt = readlink(rpath, rpath, SB_PATH_MAX);
+ ssize_t cnt = readlink(rpath, rpath, SB_PATH_MAX - 1);
if (cnt == -1)
break;
rpath[cnt] = '\0';
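Review bot: with `SB_PATH_MAX - 1` the `rpath[cnt] = '\0'` store is always in bounds, but readlink still reads from and writes to the same buffer, which its restrict-qualified prototype makes undefined behaviour; the follow-up commit e4f9687b on this page fixes that, and the two changes belong together.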
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
@ 2023-08-06 0:40 Mike Gilbert
0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2023-08-06 0:40 UTC (permalink / raw
To: gentoo-commits
commit: e4f9687b0517a691a82693c3bd772516fee01762
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 5 19:18:53 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Aug 6 00:39:53 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e4f9687b
erealpath: use separate buffer for readlink
Fixes a compiler warning:
```
warning: passing argument 2 to 'restrict'-qualified parameter aliases with argument 1 [-Wrestrict]
```
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 8c3bc21729c3ad13295b586cd185b2b5da686731)
libsandbox/canonicalize.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c
index 6c9a2d6..f8d32f0 100644
--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -102,10 +102,12 @@ erealpath(const char *name, char *resolved)
if (lstat64(rpath, &st))
break;
if (S_ISLNK(st.st_mode)) {
- ssize_t cnt = readlink(rpath, rpath, SB_PATH_MAX - 1);
+ char buffer[SB_PATH_MAX];
+ ssize_t cnt = readlink(rpath, buffer, SB_PATH_MAX - 1);
if (cnt == -1)
break;
- rpath[cnt] = '\0';
+ buffer[cnt] = '\0';
+ strcpy(rpath, buffer);
if (p) {
size_t bytes_left = strlen(p);
if (bytes_left >= SB_PATH_MAX)
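Review bot: `char buffer[SB_PATH_MAX]` adds SB_PATH_MAX bytes of stack to erealpath, which libsandbox runs from inside intercepted libc calls; commit 83b7d314 on this page had to move buffers of the same size in libsandbox.c to the heap because a gtest death-test child executes these hooks on a two-page clone stack, so the same concern applies here and a heap allocation (freed after the strcpy) would be safer. The strcpy itself is fine: cnt is at most SB_PATH_MAX - 1 and rpath is at least SB_PATH_MAX bytes.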
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2023-08-04 0:27 UTC
To: gentoo-commits
commit: 143e5fd3b50fa7085c9c4eb66c103e3c6d1b64c7
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 17 14:55:27 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Aug 4 00:26:27 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=143e5fd3
libsandbox: skip checking access() without W_OK or R_OK mode
If access/faccessat is called with F_OK or X_OK in the mode argument,
there is no need to check the path.
Bug: https://bugs.gentoo.org/910273
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 8d6a4839ebd909903691e4a71d6a94b3809adc82)
libsandbox/libsandbox.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index e5f6d38..08b85ce 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -1095,8 +1095,11 @@ bool before_syscall_access(int dirfd, int sb_nr, const char *func, const char *f
const char *ext_func;
if (flags & W_OK)
sb_nr = SB_NR_ACCESS_WR, ext_func = "access_wr";
- else
+ else if (flags & R_OK)
sb_nr = SB_NR_ACCESS_RD, ext_func = "access_rd";
+ else
+ /* Must be F_OK or X_OK; we do not need to check either. */
+ return true;
return before_syscall(dirfd, sb_nr, ext_func, file, flags);
}
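Review bot: the comment sitting between the bare `else` and its `return true;` is easy to misread; wrap the branch in braces. The comment should also say why X_OK is grouped with F_OK rather than with R_OK, since SB_NR_ACCESS_RD exists precisely to report read probes and a reader may expect execute probes to be treated the same way.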
* [gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/
From: Mike Gilbert @ 2023-08-01 14:15 UTC
To: gentoo-commits
commit: f3c48c3262edab7db3fc95d87ac1511a97ad930e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 31 15:39:40 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Aug 1 14:15:12 2023 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f3c48c32
libsandbox: always permit access to '/memfd:'
For memfd objects, the kernel populates the target for symlinks under
/proc/$PID/fd as "/memfd:name". Said target does not actually exist.
It is unfortunate that the kernel includes the leading slash, but we
will just have to work around it.
Bug: https://bugs.gentoo.org/910561
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
(cherry picked from commit 27232d52fee4abecd5f709acc616fa1296e0464f)
libsandbox/libsandbox.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 847b4e2..e5f6d38 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -713,6 +713,12 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
/* Fall in a read/write denied path, Deny Access */
goto out;
+ if (!strncmp(resolv_path, "/memfd:", strlen("/memfd:"))) {
+ /* Allow operations on memfd objects #910561 */
+ result = 1;
+ goto out;
+ }
+
if (!sym_func) {
retval = check_prefixes(sbcontext->deny_prefixes,
sbcontext->num_deny_prefixes, resolv_path);
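Review bot: the prefix test runs before the deny_prefixes check in the `if (!sym_func)` block below it, so anything whose resolved path starts with "/memfd:" is exempted from every configured restriction, including a real directory named `memfd:` in the filesystem root. That is acceptable because the kernel's link target for a memfd is not a real path, but the exemption scope should be stated in the comment, and if a stricter form is ever wanted the branch should only be taken when resolv_path came from a dirfd lookup rather than from a caller-supplied string.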